Cryptology ePrint Archive: Report 2017/982

Mind the Gap: Where Provable Security and Real-World Messaging Don't Quite Meet

Katriel Cohn-Gordon and Cas Cremers

Abstract: Secure messaging apps have enjoyed huge uptake, and with the headline figure of one billion active WhatsApp users there has been a corresponding burst of academic research on the topic. One might therefore wonder: how far is the academic community from providing concrete, applicable guarantees about the apps that are currently in widespread use? We argue that there are still significant gaps between the security properties that users might expect from a communication app, and the security properties that have been formally proven. These gaps arise from dubious technical assumptions, tradeoffs in the name of reliability, or simply features out of scope of the analyses. We survey these gaps, and discuss where the academic community can contribute. In particular, we encourage more transparency about analyses' restrictions: the easier they are to understand, the easier they are to solve.

Category / Keywords: cryptographic protocols / messaging implementation position

Date: received 5 Oct 2017

Contact author: me at katriel co uk

Available format(s): PDF | BibTeX Citation

Version: 20171009:145319 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]